US10667131B2ActiveUtilityA1

Method for connecting network access device to wireless network access point, network access device, and application server

39
Assignee: TENCENT TECH SHENZHEN CO LTDPriority: Aug 19, 2015Filed: Sep 8, 2017Granted: May 26, 2020
Est. expiryAug 19, 2035(~9.1 yrs left)· nominal 20-yr term from priority
H04L 63/08H04L 9/0891H04L 2209/80H04L 9/0822H04W 12/02H04L 63/0428H04W 12/06H04L 9/3247H04L 63/0876H04L 63/06H04L 63/0892H04W 12/04H04L 29/06
39
PatentIndex Score
0
Cited by
17
References
18
Claims

Abstract

A method for connecting a network access device to a wireless network access point includes: initiating an access request to a wireless network access point, wherein when detecting that the network access device is not authenticated, the wireless network access point redirects the access request to an authentication portal, the access request carrying an authentication server address; obtaining, by an application client on the network access device, an authentication parameter after obtaining authentication authorization of a user on the authentication portal; encrypting the authentication parameter by using a wireless access key; initiating, according to the authentication server address, an authentication request carrying the encrypted authentication parameter to an authentication server; receiving the login address and the encrypted signature from the authentication server; accessing the login address on the authentication server; and connecting to the wireless network access point to access the Internet according to a pass-through result.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for connecting a network access device to a wireless network access point, comprising:
 initiating, by a network access device, an access request to a wireless network access point, wherein when detecting that the network access device is not authenticated, the wireless network access point redirects the access request to an authentication portal, the access request carrying an authentication server address; 
 obtaining authentication authorization of a user on the authentication portal; 
 obtaining, by an application client on the network access device, an authentication parameter after obtaining the authentication authorization; 
 encrypting the authentication parameter by using a wireless access key; 
 initiating, according to the authentication server address, an authentication request carrying the encrypted authentication parameter to an authentication server, wherein the authentication server obtains an encrypted signature from an application server that decrypts and validates the authentication parameter by using the wireless access key, and generates a login address; 
 receiving, by the application client on the network access device, the login address and the encrypted signature from the authentication server; 
 accessing the login address on the authentication server, wherein the authentication server returns a pass-through result; and 
 connecting, by the network access device, to the wireless network access point to access the Internet according to the pass-through result. 
 
     
     
       2. The method according to  claim 1 , further comprising:
 periodically receiving, by the application client on the network access device, an update request comprising an encrypted new wireless access key from the application server, wherein the encrypted new wireless access key is obtained by encrypting a new wireless access key using an original wireless access key; 
 decrypting, by the application client on the network access device, the update request by using the original wireless access key, to obtain the new wireless access key; and 
 replacing the original wireless access key by the new wireless access key. 
 
     
     
       3. The method according to  claim 1 , further comprising:
 connecting to, by the network access device, the network wireless access point to access the Internet based on a pass-through time returned by the authentication server. 
 
     
     
       4. The method according to  claim 1 , wherein the authentication parameter comprises hardware parameter information and a user identifier, wherein the hardware parameter information comprises an equipment identifier of the network access device and an equipment identifier of the wireless network access point; and
 the encrypted signature is generated by using the wireless access key and the user identifier, or by using the wireless access key, the user identifier, and a time stamp. 
 
     
     
       5. The method according to  claim 1 , wherein accessing the login address further comprises:
 decrypting the encrypted signature by using the wireless access key to obtain a decrypted signature; 
 performing a verification of the decrypted signature; and 
 accessing the login address on the authentication server after the verification succeeds. 
 
     
     
       6. The method according to  claim 1 , wherein the authentication authorization on the authentication portal is obtained in response to a single user action. 
     
     
       7. A method for connecting a network access device to a wireless network access point, comprising:
 receiving, by an application server, an authentication request from an authentication server, wherein the authentication request carries an authentication parameter encrypted by an application client on a network device using a wireless access key, and is sent to the authentication server when the network access device is not authenticated; 
 decrypting, by the application server, the authentication request by using the wireless access key, to obtain the authentication parameter; 
 verifying the authentication parameter to obtain an authentication result; 
 after determining that the authentication result is successful, generating an encrypted signature by using the wireless access key; and 
 returning the authentication parameter, the authentication result, and the encrypted signature to the authentication server, wherein the authentication server generates a login address, and sends the encrypted signature and the login address to the application client on the network access device; and the application client on the network access device decrypts the encrypted signature, accesses the login address, and connects, according to a pass-through result after accessing the login address, to a wireless network access point to access the Internet. 
 
     
     
       8. The method according to  claim 7 , further comprising:
 periodically generating a new wireless access key, and backing up an original wireless access key; 
 encrypting the new wireless access key by using the original wireless access key to obtain an encrypted new wireless access key; and 
 sending an update request comprising the encrypted new wireless access key to the application client on the network access device. 
 
     
     
       9. The method according to  claim 7 , wherein the authentication parameter comprises hardware parameter information and a user identifier, wherein the hardware parameter information comprises an equipment identifier of the network access device and an equipment identifier of the wireless network access point; and
 the generating an encrypted signature by using the wireless access key comprises: 
 generating the encrypted signature by using the wireless access key and the user identifier, or generating the encrypted signature by using the wireless access key, the user identifier, and a time stamp. 
 
     
     
       10. A network access device, comprising a memory and a processor, the memory computer readable instructions, wherein when executing the instructions, the processor is configured for:
 initiating an access request to a wireless network access point, wherein when detecting that the network access device is not authenticated, the wireless network access point redirects the access request to an authentication portal, the access request carrying an authentication server address; 
 obtaining, by an application client on the network access device, authentication authorization of a user on the authentication portal; 
 obtaining an authentication parameter after obtaining the authentication authorization; 
 encrypting the authentication parameter by using a wireless access key; 
 initiating, to an authentication server according to an authentication server address, an authentication request carrying the encrypted authentication parameter, wherein the authentication server obtains an encrypted signature from an application server that decrypts and validates the authentication parameter by using the wireless access key, and generates a login address; 
 receiving the encrypted signature and a login address from the authentication server; 
 decrypting the encrypted signature by using the wireless access key to obtain a decrypted signature for verification; 
 accessing the login address after the verification succeeds, wherein the authentication server returns a pass-through result; and 
 connecting, according to the pass-through result, to the wireless network access point to access the Internet. 
 
     
     
       11. The network access device according to  claim 10 , wherein, the processor is further configured for:
 periodically receiving, by the application client on the network access device, an update request from the application server, the update request comprising an encrypted new wireless access key, wherein the encrypted new wireless access key is obtained by encrypting a new wireless access key using an original wireless access key; and 
 decrypting, by the application client on the network access device, the update request by using the original wireless access key, to obtain the new wireless access key; and 
 replacing the original wireless access key by the new wireless access key. 
 
     
     
       12. The network access device according to  claim 10 , wherein, the processor is further configured for:
 receiving the pass-through time returned by the authentication server after the authentication server learns that the login address is accessed. 
 
     
     
       13. The network access device according to  claim 10 , wherein the processor is further configured for:
 connecting to the network wireless access point to access the Internet based on a pass-through time returned by the authentication server. 
 
     
     
       14. The network access device according to  claim 10 , wherein the authentication authorization on the authentication portal is obtained in response to a single user action. 
     
     
       15. The network access device according to  claim 10 , wherein, the authentication parameter comprises hardware parameter information and a user identifier, wherein the hardware parameter information comprises an equipment identifier of the network access device and an equipment identifier of the wireless network access point; and
 the encrypted signature is generated by using the wireless access key and the user identifier, or by using the wireless access key, the user identifier, and a time stamp. 
 
     
     
       16. An application server, comprising a memory and a processor, the memory storing a computer readable instruction to be executed by the processor, wherein the processor is configured for:
 receiving an authentication request from an authentication server, wherein the authentication request carries an authentication parameter encrypted by an application client on a network device using a wireless access key, and is sent to the authentication server when the network access device is not authenticated; 
 decrypting the authentication request by using the wireless access key, to obtain the authentication parameter; 
 verifying the authentication parameter to obtain an authentication result; 
 after determining that the authentication result is successful, generating an encrypted signature by using the wireless access key; and 
 returning the authentication parameter, the authentication result, and the encrypted signature to the authentication server, wherein the authentication server generates a login address, and sends the encrypted signature and the login address to the application client on the network access device; and the application client on the network access device decrypts the encrypted signature, accesses the login address, and connects, according to a pass-through result after accessing the login address, a wireless network access point to access the Internet. 
 
     
     
       17. The application server according to  claim 16 , wherein the processor is further configured for:
 periodically generating a new wireless access key, and backing up an original wireless access key; 
 encrypting the new wireless access key by using the original wireless access key to obtain an encrypted new wireless access key; and 
 sending an update request comprising the encrypted new wireless access key to the application client on the network access device. 
 
     
     
       18. The application server according to  claim 16 , wherein the authentication parameter comprises hardware parameter information and a user identifier, wherein the hardware parameter information comprises an equipment identifier of the network access device and an equipment identifier of the wireless network access point; and
 the generating an encrypted signature by using the wireless access key comprises: 
 generating the encrypted signature by using the wireless access key and the user identifier, or generating the encrypted signature by using the wireless access key, the user identifier, and a time stamp.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.